Spam blocking by keywords in header
Question asked by Matthew Titley - May 15 at 6:15 AM
Unanswered
Hi all,
 
Can anyone foresee legitimate mail being dropped by adding a rule searching incoming header info for "0.0.0.0" or "UnknownHost" and then either dropping or filtering the message based on that content rule?
 
Getting inundated with stuff like this:
 
Return-Path: <BlancheXX@7363.com>
Received: from [0.0.0.0] (UnknownHost [82.194.10.53]) by mail.hosting.specialops.com with SMTP;
   Tue, 15 May 2018 05:53:58 -0400
It's getting by all my tests and filters for some inexplicable reason. It really shouldn't. Why would SM even accept a message from 0.0.0.0 in the first place? I don't think the null sender rule would help here.
 
Ideas?

3 Replies

3
kevind Replied
Not sure about the content rule, but here are some ideas...
 
I'm guessing you have a block for no reverse DNS? What about upgrading to the latest version? Saw this in the latest release notes for v15, but not sure what it means:
  • Fixed: rDNS and SPF both fail if there's no sending IP. (E.g., when a message comes from a gateway.)
Or, it might be related to this bug from 2016:
0
Matthew Titley Replied
Thanks. Yeah, I have RDNS blocking. I'm on v15.7.6572. Not the latest v15 build. I should upgrade to 6698. I'm tempted to implement a custom rule for UnknownHost. Maybe I'll start with an intermediate spam rating rather than a drop.
0
Hemen Shah Replied
I'm in the same boat too; I had raised this with SM and am expecting a fix in a future release till then.
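An added example, not part of the thread and not SmarterMail code: it compares a plain substring rule over all headers with a check limited to the topmost Received header (the one the receiving server wrote itself), and returns a spam weight rather than a drop decision. The regular expression follows the header shape quoted in the question; the weights, function names and the second sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Shape of the Received line quoted in the question:
#   from [HELO] (rDNS-name [connecting-ip]) by ...
HOP = re.compile(
    r"from\s+\[?(?P<helo>[^\]\s]+)\]?\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)")

# Hypothetical weights: raise the spam score instead of dropping outright.
WEIGHTS = {"helo_null": 10, "rdns_unknown": 10}

def naive_match(raw):
    """Substring search over every header, as a broad content rule would do."""
    headers = raw.split("\n\n", 1)[0]
    return "0.0.0.0" in headers or "UnknownHost" in headers

def score_top_hop(raw):
    """Score only the topmost Received header, written by our own server."""
    received = message_from_string(raw).get_all("Received") or []
    m = HOP.search(received[0]) if received else None
    if not m:
        return 0, []
    reasons = []
    if m["helo"] == "0.0.0.0":
        reasons.append("helo_null")
    if m["rdns"] == "UnknownHost":
        reasons.append("rdns_unknown")
    return sum(WEIGHTS[r] for r in reasons), reasons

# Header from the question, wrapped in a constructed message.
SPAM = ("Return-Path: <BlancheXX@7363.com>\n"
        "Received: from [0.0.0.0] (UnknownHost [82.194.10.53]) by "
        "mail.hosting.specialops.com with SMTP;\n"
        "   Tue, 15 May 2018 05:53:58 -0400\n"
        "Subject: constructed\n\nbody\n")

# Constructed message: the strings appear only in an earlier, lower hop.
LEGIT = ("Received: from mail.example.org (mail.example.org [192.0.2.10]) by "
         "mx.example.net with SMTP;\n   Tue, 15 May 2018 06:00:00 -0400\n"
         "Received: from [0.0.0.0] (UnknownHost [10.0.0.5]) by "
         "mail.example.org with SMTP;\n   Tue, 15 May 2018 05:59:58 -0400\n"
         "Subject: constructed\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("LEGIT", LEGIT)):
        print(name, "naive:", naive_match(raw), "top hop:", score_top_hop(raw))
```

The broad rule matches both samples, while the top-hop check scores only the message whose connecting client presented those values to the receiving server.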